CVE-2016-4810

Published: Jun 1, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.

Affected (10)

Products: Citrix: Xenapp, Xendesktop

Citrix

2 products

Xenapp

Xendesktop

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenapp	Version 7.5
Citrix Xenapp	Version 7.6
Citrix Xendesktop	Version 7.0
Citrix Xendesktop	Version 7.1
Citrix Xendesktop	Version 7.5
Citrix Xendesktop	Version 7.6
Citrix Xendesktop	Version 7.6 fp1
Citrix Xendesktop	Version 7.6 fp2
Citrix Xendesktop	Version 7.6 fp3
Citrix Xendesktop	Version 7.6 ltsr

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://support.citrix.com/article/CTX213045

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1036021

Source: cve@mitre.org

http://support.citrix.com/article/CTX213045

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1036021

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.